Last update: 6/2/2014 Link to Microsoft TechNet article response
When runnning a Windows 7 or Windows 8 OSD install task sequence on ConfigMgr 2012 SP1 (CU2 and CU3), I’ve noticed that it seems to get stuck and appears to hang for a while when it gets to the “Install Software Updates” step. Typically it will sit there for 5- 10 minutes or so with no apparent activity before it starts applying the updates as required. The updates do eventually apply and the build completes as normal.
A light hearted post that I will update over time as I find new examples of typos and error in ConfigMgr log files.
(note: changed to be typos in ConfigMgr in general now)
If you work in a site that uses WSUS and just has auto-approve rules setup, then read no further. Just go and create Auto Deployment Rules in ConfigMgr that will continue to do exactly the same thing.
If you work in an organisation that reviews and approves each Microsoft update to be released, and over the years you have a fairly unfriendly looking list of approved and not-approved updates, then the thought of going through that list, manually selecting each update to add to an Update Group, and then repeating for each computer group, probably isn’t very appealing.
Finding myself in that situation I did what any rational lazy admin would do before scripting my own solution:
TO THE INTERNET
Luckily, I managed to stumble across this site which seems to do exactly that is required. I haven’t tested it out yet, but it’s published on a Technet Blog, so what could possibly go wrong?
UPDATE: Yes, it all works as required. One thing to watch for is ConfigMgr doesn’t let you approve/deploy superseded and expired updates, so you will probably notice your update groups have fewer approved updates than you have been deploying. The scripts also don’t do anything about approving the newer versions of those older updates so you’ll need to then check what updates are required. Not such a drama really as most of the heavy lifting has already been done by the scripts.
Most of the lists I’ve seen people put together have the Remote Desktop (RDP) shortcut first with the corresponding desktop shortcut after. That doesn’t makes sense to me. I’m used to looking on the left side for what I want to match, then across to find the required entry I need. So here is my contribution to a lookup list that makes sense, and is also in a nice table format you can print out and stick on a wall rather than a hard to read text list.
http://support.microsoft.com/kb/186624
| Native Desktop | RDP Session | Description |
| CTRL + ALT + DEL | CTRL + ALT + END | PANIC! |
| ALT + TAB | ALT + PAGE UP | Switch to next Window |
| ALT + SHIFT + TAB | ALT + PAGE DOWN | Switch to previous Windows |
| ALT + ESC | ALT + INSERT | Cycle Windows in order used |
| CTRL + ESC | ALT + HOME | Start Menu |
| ALT + SPACE | ALT + DELETE | Open the Window menu (resize, move etc) |
| ALT + Print Screen | CTRL + ALT + MINUS | Capture the active window in RDP session |
| Print Screen | CTRL + ALT + PLUS | Capture full screen of RDP session |
This one had me puzzled. After various issues I got fed up and decided to do a full uninstall and reinstall of my ConfigMgr site. The whole thing. Blow away the database, clean out all the directories and start the install from scratch.
All was well right up to the point I tried to install CU2. It kept telling me it was already installed and I could only recreate the update packages.
“This update is already installed on the computer. Only options to create deployments for this update are available.”
OK I thought, it must have detected the old windows installer cache files or something and auto updated to CU2 during install. However, creating the update packages then failed saying the source wasn’t available.
A quick version check and the CM2012 files are still SP1 version. A check of installed updates shows the CU2 update already installed, but no repair or uninstall option is available. At this point I was getting ready to start hacking entries out of the registry.
But first… TO THE INTERNET!
Installing Configuration Manager 2012 clients on all my servers was fairly easy and straight forward. With one exception – My TMG2010 server running Server 2008R2.
For some reason, the client would install, but would never assign itself to my site, or download policies. The firewall rules allowed it to talk to the ConfigMgr server, and monitoring the traffic showed nothing was being blocked at all.
Much digging in TechNet etc and I found various mentions relating to certificates. This put me on the right track and got me 80% of the way there, but not quite.
There was not a lot of indication of what was going wrong. Most of the logs just weren’t reporting anything, let alone an error. The one log that was showing something is the “ClientIDManagerStartuplog” with repeating entries of
RegTask: Failed to get certificate. Error: 0x80004005
This was the only place I could find an indication of what was wrong.
Various articles say to delete all the files in the MachineKeys certificates folder. That is VERY BAD, DO NOT DO THAT!
While they are misguided, they do point to the correct resolution. Some suggest deleting one specific file which is the SMS certificate. At first, permissions blocked me doing this, but even after deleting it, the problem would repeat.
Annoying stuff I figured out (or am trying to) 